Oracle Database B10772-01 Administrator's Manual page 173

Public Key Infrastructure in an Oracle Environment

A certificate contains the entity's name, public key, and an expiration date—as well
as a serial number and certificate chain information. It can also contain information
about the privileges associated with the certificate.

When a network entity receives a certificate, it verifies that it is a trusted certificate,
that is, one that has been issued and signed by a trusted certificate authority. A
certificate remains valid until it expires or until it is revoked.

Certificate Revocation Lists

Typically, when a CA signs a certificate binding a public key pair to a user identity,
the certificate is valid for a specified period of time. However, certain events, such
as user name changes or compromised private keys, can render a certificate invalid
before the validity period expires. When this happens, the CA revokes the certificate
and adds its serial number to a Certificate Revocation List (CRL). CAs periodically
publish CRLs to alert the user population when it is no longer acceptable to use a
particular public key to verify its associated user identity.

When servers or clients receive user certificates in an Oracle environment, they can
validate the certificate by checking its expiration date, signature, and revocation
status. Certificate revocation status is checked by validating it against published
CRLs. If certificate revocation status checking is turned on, then the server searches
for the appropriate CRL depending on how this feature has been configured. The
server searches for CRLs in the following locations:

1. Local file system
2. Oracle Internet Directory
3. CRL Distribution Point, a location specified in the CRL Distribution Point
   (CRL DP) X.509, version 3, certificate extension when the certificate is issued.

See Also: "Certificate Validation with Certificate Revocation Lists"
on page 7-35 for information about configuring and
managing this PKI component

Note: To use CRLs with other Oracle products, refer to the specific
product documentation. This implementation of certificate
validation with CRLs is only available in the Oracle Database 10g
Release 1 (10.1) SSL adapter.

Configuring Secure Sockets Layer Authentication 7-7
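The validation steps described above (expiration, then revocation status against a CRL looked up in the local file system, Oracle Internet Directory and the CRL DP, in that order), modelled in plain Python as an added example; it is not Oracle code. Signature checks on the certificate and the CRL are assumed to have already passed, and the names `find_crl`, `check` and `require_crl`, the stale-CRL rule and the sample data are assumptions of this sketch.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass
class Cert:                       # only the fields this check needs
    issuer: str
    serial: int
    not_after: datetime
    crl_dp: Optional[str] = None  # CRL Distribution Point extension, if present

@dataclass
class CRL:
    next_update: datetime         # a CRL past this time is treated as stale
    revoked: frozenset            # serial numbers the CA has revoked

def find_crl(cert, local_fs, directory, crl_dp):
    """Search order from the page: local file system, directory, then CRL DP."""
    for source, store, key in (("local file system", local_fs, cert.issuer),
                               ("Oracle Internet Directory", directory, cert.issuer),
                               ("CRL DP", crl_dp, cert.crl_dp)):
        if key is not None and key in store:
            return source, store[key]   # first CRL found is the one used
    return None, None

def check(cert, now, local_fs, directory, crl_dp, require_crl=True):
    """Return a decision string; require_crl (fail closed) is this sketch's assumption."""
    if now >= cert.not_after:
        return "reject: expired"
    source, crl = find_crl(cert, local_fs, directory, crl_dp)
    if crl is None or now >= crl.next_update:
        why = "no CRL found" if crl is None else f"stale CRL in {source}"
        return f"reject: {why}" if require_crl else f"accept: status unknown ({why})"
    if cert.serial in crl.revoked:
        return f"reject: revoked per CRL from {source}"
    return f"accept: not on CRL from {source}"

# Constructed sample data: stores are keyed by issuer name, the CRL DP by URL.
NOW, CA = datetime(2024, 6, 1), "CN=Example CA"
DP_URL = "http://crl.example.invalid/ca.crl"
FRESH = CRL(datetime(2024, 6, 8), frozenset({0x1001}))
STALE = CRL(datetime(2024, 5, 1), frozenset())
GOOD_CERT = Cert(CA, 0x2002, datetime(2025, 1, 1), DP_URL)
REVOKED_CERT = Cert(CA, 0x1001, datetime(2025, 1, 1), DP_URL)

if __name__ == "__main__":
    print(check(GOOD_CERT, NOW, {}, {CA: FRESH}, {}))              # CRL from directory
    print(check(REVOKED_CERT, NOW, {}, {}, {DP_URL: FRESH}))       # CRL only via CRL DP
    print(check(REVOKED_CERT, NOW, {CA: STALE}, {CA: FRESH}, {}))  # stale local copy wins
```

In this sketch the first CRL found is the one used, so the third call reports the stale local copy even though a current CRL exists in the directory.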

This manual is also suitable for:

Database advanced security 10g release 1
